author | Matthew Miller <matthew@millerti.me> | 2020-05-22 18:22:21 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-22 18:22:21 -0700 |
commit | d6dc6e5bfc588036db2c1b2212b8f8bc74b1c0f5 (patch) | |
tree | b58d6593de62689f0a13a8ea932e5892aefb29de /packages/server/src/assertion/verifyAssertionResponse.ts | |
parent | efe856ed238e7a2be8d847c94ba8e0155b17ce9c (diff) | |
parent | 2548e4fd6a5e3d82b2f1b348eec442bd318e4872 (diff) |
Merge pull request #2 from MasterKale/feature/example-site
feature/example-site
Diffstat (limited to 'packages/server/src/assertion/verifyAssertionResponse.ts')
-rw-r--r-- | packages/server/src/assertion/verifyAssertionResponse.ts | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/packages/server/src/assertion/verifyAssertionResponse.ts b/packages/server/src/assertion/verifyAssertionResponse.ts index fb668f4..a3b631b 100644 --- a/packages/server/src/assertion/verifyAssertionResponse.ts +++ b/packages/server/src/assertion/verifyAssertionResponse.ts @@ -1,17 +1,16 @@ import base64url from 'base64url'; import { AuthenticatorAssertionResponseJSON, - U2F_USER_PRESENTED, AuthenticatorDevice, VerifiedAssertion, } from "@webauthntine/typescript-types"; import decodeClientDataJSON from "@helpers/decodeClientDataJSON"; -import parseAssertionAuthData from './parseAssertionAuthData'; import toHash from '@helpers/toHash'; import convertASN1toPEM from '@helpers/convertASN1toPEM'; import verifySignature from '@helpers/verifySignature'; +import parseAuthenticatorData from '@helpers/parseAuthenticatorData'; /** * Verify that the user has legitimately completed the login process @@ -40,19 +39,13 @@ export default function verifyAssertionResponse( } const authDataBuffer = base64url.toBuffer(base64AuthenticatorData); - const authData = parseAssertionAuthData(authDataBuffer); + const authDataStruct = parseAuthenticatorData(authDataBuffer); + const { credentialID, flags, counter } = authDataStruct; - if (!(authData.flags & U2F_USER_PRESENTED)) { + if (!(flags.up)) { throw new Error('User was NOT present during assertion!'); } - const { - rpIdHash, - flagsBuf, - counterBuf, - counter, - } = authData; - if (counter <= authenticator.counter) { // Error out when the counter in the DB is greater than or equal to the counter in the // dataStruct. It's related to how the authenticator maintains the number of times its been @@ -63,6 +56,12 @@ export default function verifyAssertionResponse( ); } + const { + rpIdHash, + flagsBuf, + counterBuf, + } = authDataStruct; + const clientDataHash = toHash(base64url.toBuffer(base64ClientDataJSON)); const signatureBase = Buffer.concat([ rpIdHash, 
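Review bot: The counter guard that follows the new destructuring in the second hunk, `if (counter <= authenticator.counter)`, also rejects an authenticator that reports a signature counter of 0 on every assertion, which WebAuthn allows for authenticators that do not implement a counter. The spec only calls for the comparison when the received or the stored value is nonzero, so consider `if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {`, which keeps clone detection wherever a counter exists. Separately, `credentialID` is destructured but never used in the visible lines, and it is likely undefined for assertion authenticator data, where no attested credential data is expected; `const { flags, counter } = authDataStruct;` would be clearer. The function body starts and ends outside this hunk.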
@@ -76,6 +75,10 @@ export default function verifyAssertionResponse( const toReturn = { verified: verifySignature(signature, signatureBase, publicKey), + authenticatorInfo: { + counter, + base64CredentialID: response.base64CredentialID, + }, }; return toReturn; |
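Review bot: `authenticatorInfo` is returned whether or not `verified` is true, and neither field is authenticated until the signature checks out: `counter` is parsed from client-supplied authenticator data and `base64CredentialID` is copied straight from `response`. A caller that persists the returned counter without first checking `verified` would store an unauthenticated value, after which the counter guard could reject the genuine authenticator. Either populate the field only on success or state the contract next to it, e.g. `// authenticatorInfo is only trustworthy when verified === true; never persist counter otherwise`. Nothing in the visible lines compares `response.base64CredentialID` with the stored `authenticator` record, so that binding is presumably the caller's job and worth saying in the function's docstring.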